PIP-II Technical Workshop Software Development Strategy Discussion

Home , AppVeyor, Bitbucket, GNU Bazaar, Launchpad (website), Mercurial

PIP-II Technical Workshop Software Development Strategy Discussion A Partnership of: Tanya Levshina US/DOE SCD/CPI India/DAE Italy/INFN 1-4 December 2020 UK/UKRI-STFC France/CEA, CNRS/IN2P3 Poland/WUST Outline • Key to successful collaboration in global inter‐organizational software development projects • Selection of a shared repository platform • Project organization

2 1-4 December 2020 PIP-II Technical Workshop Key Ingredients for a Successful Project • Clear understanding of – requirements and scope – roles and roadmap • Communication and ongoing reviews • Documentation • Well structured code • Shared repository

3 1-4 December 2020 PIP-II Technical Workshop Shared code repository • Effectively share code in a managed way to speed up development • Avoid code duplication • Encourage best practices in code development • Improve code quality and provide means for collaboration

4 1-4 December 2020 PIP-II Technical Workshop Open-Source Version Control Software (VCS)

Software History Current Repository Atomic Signed Merge Interactive Users Status model Commit revision Tracking Commit

First publicly NetBSD, OpenBSD CVS Maintained Client-server No No No No released July 3, but new 1986; based on features not RCS added. Last release from 2008.

Subversion Started in Active Client-server Yes No Yes Partial ASF, gcc, SourceForge, FreeBSD, (SVN) 2000 by CVS GoogleCode, PuTTY, Apache OpenOffice, developers TWiki with goal of replacing CVS

Mercurial Started by Active Distributed Yes Yes Yes Yes Was used by Facebook and Mozilla at Matt Mackall some point in 2005

GNU Bazaar Canonical Ltd Active Distributed Yes Yes Yes Yes MariaDB, Squid, PyChart, Linux Foundation

GIT Started by Active Distributed Yes Yes Yes Yes Linux kernel, Android, Bugzilla, LG, jQuery, Linus DragonFly BSD, GNOME, GNU Emacs, KDE, Torvalds in MySQL, Ericsson, Microsoft, Huawei, April 2005. Apple, Amazon

5 1-4 December 2020 PIP-II Technical Workshop VCS Properties • Preserved and traceable history • History includes not only files but directories (folder) structure • No single central repository • Ability to maintain a repository while offline • Access control: view/contribute/maintain • Branching/merge support. Merges should be easy especially when there are no conflicts. • Tag management • Built-in diff capabilities • Rollback capabilities • Efficient binary file support GIT is a clear winner for the time being

6• 1-4 December 2020 PIP-II Technical Workshop Requirements for VC Platform (I) • GUI to perform all major operations, preferably from browser • Access Control (Security) • Code review tools • Configurable approval interface • Integration with bug tracking systems • Integration with software build tools • Release management • Integration with Continuous Integration (CI) tools • Documentation

7 1-4 December 2020 PIP-II Technical Workshop Requirements for VC Platform (II) • Search • Notifications • Statistics/metrics and visualization • Various deployment schemas • Integration with 3rd party tools • Integration with IDE

8 1-4 December 2020 PIP-II Technical Workshop Comparison of VC Platforms

Name Users (M) Projects Code Bug Web Wiki Access Build Self hosting (M) review Tracking hosting Control System

GitHub 40 100 Yes Yes Git, SVN Yes Private/ 3rd-party GitHub Public Travis CI, Enterprise Appveyor (Comercial) (addition of “Actions” to GHES)

BitBucket 5 N/A Yes Yes (Jira Git Yes Private/ Yes BitBucket integration) Public Server (Commercial)

Launchpad 4 0.04 Yes Yes Git, Bazaar No Public Ubuntu Yes (Ubuntu only?)

SourceForge 3.7 0.5 Yes Yes Git, SVN, Yes Public No Free Mercurial

GitLab 0.1 0.5 Yes Yes Git Yes Private/ Yes Community Public Edition(Free)/E nterprise Edition (Commercial)

9 1-4 December 2020 PIP-II Technical Workshop VC Platform Pricing GitHub: – Single developer - FREE unlimited private/public repositories (new feature of 2019) and 500MB package size – Team - $4/user/month (with the user and team permissions management) and 2GB package size – Business - $21/user/month and 500GB package size GitLab: – The community edition is free for an unlimited number of users – Enterprise Editions: • Starter is $4/user/month • Premium for $19/user/month • Gold $99/user/month Bitbucket: – Small teams (up to 5 users) can use it for free – Teams pay $1/user/month or the unlimited users' plan, which costs $200/month.

10 1-4 December 2020 PIP-II Technical Workshop Security and Access Control (GitHub) • Dependabot alerts & security update • Public secret scanning • Code scanning on all public repositories • Role-based access control • Could enable 2FA • GitHub Enterprise is integrated with an organization's authentication (LDAP, SAML SSO). • GitHub Enterprise provides audit logs and monitoring

11 1-4 December 2020 PIP-II Technical Workshop Security and Access Control (GitLab) • Code is tested upon commit for security threats • The security team can see and manage unresolved vulnerabilities captured as a by-product of software development. • SAML SSO and enforced 2FA • Premium and Gold provide: – CI/CD for GitHub – Audit events and log • Gold provides: – Credentials inventory and management – Secret detection: prevent secrets from accidently leaking into your Git history. – License compliance: automatically search project dependencies for approved and unapproved licenses

12 1-4 December 2020 PIP-II Technical Workshop PIP-II IT Software Status • LLRF and EPICs IOC firmware/software repository is GIT • Controls related software is in CVS and GIT • VC Platform is Redmine (Open-Source) hosted at Fermilab • Multiple projects are used for LLRF firmware/software repositories in Redmine • Major issues: – code redundancy – storage of binaries (e.g qar files) instead of source code – lack of tagging/release policy

13 1-4 December 2020 PIP-II Technical Workshop Fermilab VC Platform Roadmap • Strong push to use GitHub – Fermilab developers could contribute code to GitHub Open-Source products. – Fermilab developers who are creating a new Open-Source product at GitHub should get an approval from Partnership Agreements and Intellectual Property Management team. Software that is visible to the public and could be reused should have a reference to an appropriate software license. The guidelines for license selection is provided by Fermilab Legal Office. Computing Sector is currently using BSD 3- clause License or Apache 2.0 • The Core Computing Division supports GitHub Enterprise on- Prem. They are running PIP-II IT instance with 20 licenses. In order to get to an access a user should be registered with Fermilab. • The Scientific Computing Division has some experience with GitLab on-Prem.

14 1-4 December 2020 PIP-II Technical Workshop PIP-II Software Organization

• The development of the software for the PIP-II will take several years. • The maintenance of the PIP-II software will take many years. • There are multiple developers and multiple organizations with different approaches for software development and different organizational rules. • That is why it is crucial to figure out how we want to structure a project, so it is possible to: – Understand the layout and dependencies – Understand the purpose of a particular subproject/module – Avoid duplication of development efforts and promote reuse – Decide on branching/tagging and release procedure

15 1-4 December 2020 PIP-II Technical Workshop What Do We Want to Build?

• We would need to identify: – the structural elements and their interfaces – the behavior of the elements specified by the collaborations among those elements – the organization of the elements into progressively larger The slide from Lia Merminga’s presentation subsystems • We would need to decide on architectural style and agree on standards in order to build these elements and their interfaces.

16 1-4 December 2020 PIP-II Technical Workshop What Do We Want to Build?

17 1-4 December 2020 PIP-II Technical Workshop Project Structure Organization Examples (I)

Chaos Organization by teams/ institutions

18 1-4 December 2020 PIP-II Technical Workshop Project Structure Organization Examples (II)

Rumbaugh Model - objects Don't repeat yourself (DRY) in the code mirror objects in principle: "Every piece of knowledge real world. must have a single, unambiguous representation within a system"

19 1-4 December 2020 PIP-II Technical Workshop Topics for discussion

• How to move forward on selection of VC Platform? • What should be contributed to existing Open-Source projects; started as a new Open-Source project; or remain private? • How to organize code that is being written right now so the structure would be suitable for the future development. What are the code and documentation? • What is a review policy for contributed code? • Should CI be part of release process? • What are the requirements for logging and monitoring? • What are cyber security related aspects of the project?

20 1-4 December 2020 PIP-II Technical Workshop